CVE-2025-64326: Weblate leaks the IP address of the project member inviting a user to be a reviewer in the audit log
Weblate's audit log leaks the IP address of the project member who invites a user to the project.
References
- github.com/WeblateOrg/weblate/commit/b847e9756a0a6f7659ef20fa9f34846ca862c574
- github.com/WeblateOrg/weblate/pull/16781
- github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc
- github.com/advisories/GHSA-gr35-vpx2-qxhc
- github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-230.yaml
- nvd.nist.gov/vuln/detail/CVE-2025-64326